cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
509
Views
4
Helpful
4
Replies

Implications of enabling authorization in console

namendoz
Cisco Employee
Cisco Employee

Hello all,

I have read that it is not advised to enable authentication in console ports. Can any one point out the reasons for this and best practices as well? I am dealing with a 6509 with Sup 720 and IOS 12.2SX.

Thanks a lot in advance!

Nataniel

4 Replies 4

namendoz
Cisco Employee
Cisco Employee

So sorry, meant authorization in console ports :(

Jagdeep Gambhir
Level 10
Level 10

Nataniel,

It's to prevent the user from accidentally shutting themselves out from

configuring the box"

In other words, what you don't want to have happen is to turn on authorization, have the tacacs+ or radius daemon be unreachable (for whatever) reason, and never again be able to get into your box. It's fine if this happens on vty lines, as long as you have a way to FIX it. Once you can't get to the console anymore, you've got problems.

Regards,

~JG

Do rate helpful posts

Hi JG,

Isn't there an option where I can define to avoid authorization if I was authenticated, just for the case when lose my TACACS server?

Thanks once again!

Regards,

Nataniel

Hi Nataniel,

"aaa authorization console"command is disabled by default.

So authorization on console is disabled.

Regards,

~JG

Do rate helpful posts

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: